COMPLETE LISTING OF CLAIMS IN THE CASE 



Please amend Claims 1 , 6, 7 and 8 as follows: 

1 . (Currently Amended) A method of grouping entries in a directory server, said 
directory server configured to contain roles, the method comprising the-step steps 
of: 

assign i ng an ontry to an onumoratod ro le , wh e roby tho ontry can bo so l octod 
by solocting al l ontr i os that possess tho enum e rat e d ro le . 

creating an enumerated role by assigning a plurality of entries to the 
enumerated role, whereby the plurality of entries possess the enumerated role: 

determining what entries possess the enumerated role: and 

providing the plurality of entries that possess the enumerated role to a client. 

2. (Original) The method as in claim 1 wherein the enumerated role is 
possessed by an arbitrary number of entries. 



3. (Original) The method as in claim 1 , further comprising the step of 

if an entry that possesses the enumerated role is a nested role, then rejecting 
that entry without further processing of the entry. 



4. (Original)The method of claim 1 , further comprising the step of: 

providing a set of expressions and boolean operations for use to match 
entries in a directory search. 



5. (Original)The method of claim 4, wherein the expressions comprise any one 
or more of operands connected by the operators: 
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equal 

contains 

sounds like 
greater or equal 
less or equal 
negation 
and 

or 



= where an instance of the attribute exactly 
matches the value; 

which is used as a wild card to allow 
presence check or partial matches; 
~= which is used in name searches; 

which is used for numerical comparisons; 
which is used for numerical comparisons; 
which is used to negate any expression; 
which is used to combine two 
expressions; and 

I which is used to select from two 
expressions. 



>= 
<= 
! 

& 



6. (Currently amended) An apparatus comprising: 

a f i rst compon e nt conf i gur e d to ass i gn an e ntry to an e num e rat e d ro le , 
wh e r e by th e e ntry can b e s ele ct e d by s ele ct i ng a ll e ntr ie s that poss e ss th e 
e num e rat e d ro le . 

a first component creating an enumerated role by assigning a plurality of 
entries to the enumerated role, whereby the plurality of entries possess the 
enumerated role; 

the first component determining what entries possess the enumerated role: 

and 

the first component providing the plurality of entries that possess the 
enumerated role to a second component. 
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7. (Original) The apparatus as in claim [[5]] 6 wherein the first component assigns 
an arbitrary number of entries to said first enumerated role. 

8. (Currently Amended) The apparatus as in claim 6, further comprising: 

a s o oond third component coupled to the directory server configured to reject 
an entry without further processing if the entry that possesses the enumerated role is 
a nested role. 

9. (Original) The apparatus of claim 6, further comprising: 

providing a set of expressions and boolean operations for use to match 
entries in a directory search. 

1 0. (Original) The apparatus of claim 9, wherein the expressions comprise any 
one or more of operands connected by the operators, 

equal = where an instance of the attribute exactly 



matches the value; 



contains 



which is used as a wild card to allow 



presence check or partial matches; 



sounds like 



which is used in name searches; 



greater or equal 



>= 



which is used for numerical comparisons; 



less or equal 



<= 



which is used for numerical comparisons; 



negation 



which is used to negate any expression; 



and 



& 



which is used to combine two 



expressions; and 
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or I which is used to select from two 

expressions. 
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